Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Server-side Request Forgery (SSRF) vulnerabilities in an interactive lesson.
Start learningUpgrade activitypub_federation
to version 0.5.10 or higher.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the verify_url_valid
, which allows a user to bypass predefined hardcoded URL paths and security mechanisms designed to prevent Localhost access, enabling arbitrary GET requests to any host, port, and URL via a Webfinger request.